Japan Vulnerability NotesJVN:06870202JVN#06870202: EC-CUBE information disclosure vulnerability
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
71.1%
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information disclosure vulnerability.
Impact
When the server receives a specially crafted request, the absolute path of the product on the server may be obtained.
Solution
Apply the update or the patch
Apply the update or the patch according to the information provided by the developer.
Products Affected
- EC-CUBE 2.11.2
- EC-CUBE 2.11.3
- EC-CUBE 2.11.4
- EC-CUBE 2.11.5
- EC-CUBE 2.12.0
- EC-CUBE 2.12.1
- EC-CUBE 2.12.2
- EC-CUBE 2.12.3
- EC-CUBE 2.12.3en
- EC-CUBE 2.12.3enP1
- EC-CUBE 2.12.3enP2
- EC-CUBE 2.12.4
- EC-CUBE 2.12.4en
- EC-CUBE 2.12.5
- EC-CUBE 2.12.5en
- EC-CUBE 2.12.6
- EC-CUBE 2.12.6en
- EC-CUBE 2.13.0
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
71.1%